With all the attacks on the NHS and other large companies across the world, we wanted to update you on some of the details of what can be affected. 88% of the world currently uses Windows, which means hackers have the best chance of making a profit by attacking this system; Mac and the others make up the remaining 12% of operating systems.
Most web servers use Linux, and WannaCry uses CVE-2017-0146 and CVE-2017-0147, the leaked NSA exploits released by the Shadow Brokers almost 3 weeks ago, both of which are Windows-only exploits. Someone using ‘wine’ on Linux can also be affected, but only within the ‘wine’ section of the system.
It takes advantage of an SMB exploit.
There are 2 paths that can help you protect yourself.
- Make this domain available (reachable) to your environment:
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com WannaCry uses this domain to detect whether it is running under analysis. The domain was unregistered until researchers realised this; they then purchased and registered the domain to stop the spreading. Once the domain is registered, the ransomware thinks it is running in a sandbox and hence stops.
- Download the patch officially released by Microsoft. The link follows.
SMB patch: https://technet.microsoft.com/library/security/MS17-010
Concluding: WannaCry is ransomware that affects only Windows systems.
Therefore, if you’re on Windows hosting you can be affected if your host hasn’t patched the server correctly; if you have a VPS on Windows, make sure it’s fully updated to protect your data.
And always back up your files somewhere else.
Find out more at https://solblu.uk
It’s not the end of the world, but you have some work to do. Here’s a list of all the common ones and what to do!
- Phishtank – Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.
- Clean-MX – Please send an email to email@example.com with details of what you have done to take care of any malware/spam issues.
- Malware URL – Please follow the instructions here: http://www.malware.com.br/contrib.shtml#submit
- SURBL – Please follow the instructions here: http://www.surbl.org/faqs#whitelist
- DNS Blacklist – Please read the following page: http://www.dnsbl.info/blacklist-removal.php – you will need to put in your IP address at the top of the page to see why DNSBL is blacklisting your IP. You can find your website’s IP address by following the instructions here: http://www.wikihow.com/Find-a-Website’s-IP-Address . Once you put in your IP at DNSBL, you will be able to see the specific blacklist that is marking your domain/IP as unsafe. You will then need to find that blacklist’s page by searching for it in a search engine like Google, and request a removal from that specific blacklist.
- Symantec – Please follow the instructions here : http://safeweb.norton.com/help/site_owners#getting_started to get started with creating an account at Norton and request a removal from the blacklist.
- SpamCop – To get off SpamCop’s blacklist – please ensure that your site is clean and then contact our friends who do a good job of keeping spam off the Internet via http://www.spamcop.net/fom-serve/cache/91.html
- Jwspamspy – Please send an email to firstname.lastname@example.org asking to be let off the Joe Wein blacklist.
- Bing/Yahoo – To request a removal from Bing’s blacklist (which is often fraught with false positives) please use the information below:
To request a removal from Bing and Yahoo’s lists you can go here: https://support.discoverbing.com/eform.aspx?productKey=bingcontentremoval&ct=eformts&scrx=1&st=1&wfxredirect=1
Select “My Site Has a Malware Warning” and then select the appropriate option and continue.
- McAfee – To request a review for removal of your website off McAfee’s Blacklist, please visit http://www.siteadvisor.com/userfeedback.html , fill in the appropriate values and click the “Send Your Feedback” button.
It will usually take 5-7 working days to get your site off this blacklist.
- Google – To request a review of your site at Google, here are the instructions:
– Log into Google Webmaster Tools (www.google.com/webmasters/)
– Click on your site name (e.g. www.yoursite.com)
– Click on Health in the left hand navigation
– Click on Malware
If your site is not already registered with Google, you will first have to register it by following the instructions below –
You will then be given the choice to verify your website. You can verify your website using the standard Google method or ALTERNATIVE methods. The standard method requires inserting some code that Google provides into your website. However, if you have no knowledge of how to insert code, Google provides an Alternative tab; if you click there you will find a few simple methods to verify your website that require NO knowledge of the inner workings of your website. Select which verification method you want to use and then click the “Verify” button. After you are verified, which takes a few seconds, you can proceed.
– Click on Request a Review
Over the past few months I have bumped into many companies that have not been looking after their email domains. So after many an hour helping people fix this, I started wondering how many of us are looking after their email domains?
Ask yourself this: are you a responsible email marketer or a spammer? You may think of yourself as the first, but many other people might see you as the second. Did you know you can test this yourself?
Go here and send them an email from your corporate address. Did you score less than 7? 5? 3? Or even 0? Don’t be surprised if you got any of these scores; in my experience it’s quite common! Let’s explore the common factors and how to fix them.
First of all, make sure the mail server you’re using is configured correctly. Do you have a DMARC record? Is your SPF configured correctly? Is your DKIM signature valid?
All of these things will affect your score and could be the difference between a 6 and 10 score. If you’re asking yourself what all these things are and where to fix them, have a look at your DNS entries, all of these things are linked back to DNS.
Let’s remove the acronyms for you:
- DKIM (DomainKeys Identified Mail) is an important authentication mechanism to help protect both email receivers and email senders from forged and phishing email. Forged email is a serious threat to all parties in an email exchange.
- An SPF (Sender Policy Framework) record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain. Recipients can refer to the SPF record to determine whether a message purporting to be from your domain comes from an authorized mail server.
- DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols, adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.
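The DNS checks described above, as an added example (not the author's code): it audits SPF and DMARC TXT record strings for common mistakes. The function names are made up for illustration, the sample records are constructed, and fetching the TXT records for your domain and for `_dmarc.<domain>` is left to whichever DNS lookup tool you use.

```python
import re

# SPF terms that each trigger a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt_records):
    """Return a list of problems in the SPF part of a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records"]
    problems, lookups, has_policy = [], 0, False
    for term in spf[0].split()[1:]:
        bare = term.lstrip("+-~?").lower()       # drop the qualifier
        name = re.split(r"[:/=]", bare)[0]       # "include:x" -> "include"
        lookups += name in LOOKUP_TERMS          # True counts as 1
        has_policy = has_policy or name in ("all", "redirect")
        if bare == "all" and term[0] not in "-~":
            problems.append("'%s' does not reject or flag unlisted senders" % term)
    if not has_policy:
        problems.append("no 'all' mechanism, so unlisted senders get a neutral result")
    if lookups > 10:
        problems.append("%d DNS lookups exceeds the limit of 10" % lookups)
    return problems

def audit_dmarc(txt_records):
    """Return a list of problems in the TXT records found at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records"]
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    problems, policy = [], tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        problems.append("no rua= address, so aggregate reports go nowhere")
    return problems

# Constructed sample records (not real DNS data).
SAMPLE_SPF = ["v=spf1 include:_spf.example.net mx ip4:192.0.2.10 +all"]
SAMPLE_DMARC = ["v=DMARC1; p=none"]
if __name__ == "__main__":
    print(audit_spf(SAMPLE_SPF) + audit_dmarc(SAMPLE_DMARC))
```

An empty list from both functions means none of these particular mistakes were found; it does not validate the DKIM signature, which has to be checked on a delivered message.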
Okay, that’s the technical bit; the next bit is all about how you’ve been behaving in the past: are you on blacklists?
In this case you need to contact the blacklist companies and have them remove you; it may be your domain or it may be your server. If it’s the server, contact your hosting company to get help!
I hope this has been informative, let us know if you need any help!
Solidblueliquid Technical Team